Hello, if you dont know iptables that much, and would like to see more "user friendly" configuration method, i suggest you to use Shorewall, which is very flexible, has some clear logs, and generates same iptable rules behind.
2009/2/8 David fire <ddf...@gmail.com> > denay permit are in sip.conf and iax.conf > David > > 2009/2/7 oumar ndiaye <ondi...@antg.com> > > David, >> Thanks in advance. Where do I change the user/peers definition? Is it in >> the firewall of the OS? In that case that won't work because the server host >> other services such as ssh http that are open to any IP as long as the user >> has the correct credentials. Doesn't asterisk itself has built in security >> filters? >> >> If the only choice is to do in the OS's firewall, then I will need to >> include the port numbers of SIP, IAX in my firewall rules. In this case, >> which ports should I block to keep unwanted SIP/IAX connections from >> specific IP's. >> Thanks. >> >> On Sat, Feb 7, 2009 at 9:29 AM, David fire <ddf...@gmail.com> wrote: >> >>> you have many options but you should use it together. >>> firewall >>> >>> in the user/peers definitions add host=<ip> >>> and/or >>> deny=0.0.0.0/0.0.0.0 >>> permit=<ip>/<mask> >>> >>> change the ip of your server. >>> >>> use something like ossec to avoid force brute. >>> >>> David >>> >>> 2009/2/6 oumar ndiaye <ond4...@gmail.com> >>> >>>> Is there a way to restrict connection to my asterisk server to users >>>> based on their IP addresses, and not just password. I have some hackers who >>>> connect to my server to make illegitimate solicitation calls to people. I >>>> had to shutdown the server for now until I find a solution. ANY HELP? >>>> Thanks. >>>> ond >>>> >>>> _______________________________________________ >>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>>> >>>> asterisk-users mailing list >>>> To UNSUBSCRIBE or update options visit: >>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>> >>> >>> >>> >>> -- >>> (\__/) >>> (='.'=)This is Bunny. Copy and paste bunny into your >>> (")_(")signature to help him gain world domination. >>> >>> >>> _______________________________________________ >>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>> >>> asterisk-users mailing list >>> To UNSUBSCRIBE or update options visit: >>> http://lists.digium.com/mailman/listinfo/asterisk-users >>> >> >> >> >> -- >> Oumar Ndiaye >> CTO >> ANTG Telecom >> www.antg.com >> ondi...@antg.com >> ondi...@alum.mit.edu >> ond4...@gmail.com >> Tel: +1-919-291-8742 >> >> >> _______________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> > > > > -- > (\__/) > (='.'=)This is Bunny. Copy and paste bunny into your > (")_(")signature to help him gain world domination. > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
_______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users